Lucene search

[email protected]NVD:CVE-2013-6426

HistoryDec 14, 2013 - 5:21 p.m.

CVE-2013-6426

2013-12-1417:21:47

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

51.1%

JSON

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

Affected configurations

Nvd

Node

openstackheatRange≤2013.2

VendorProductVersionCPE
openstackheat*cpe:2.3:a:openstack:heat:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openstack	heat	*	cpe:2.3:a:openstack:heat::::::::

References

rhn.redhat.com/errata/RHSA-2014-0090.html

www.openwall.com/lists/oss-security/2013/12/11/9

www.securityfocus.com/bid/64243

bugs.launchpad.net/heat/+bug/1256049

exchange.xforce.ibmcloud.com/vulnerabilities/89658

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

51.1%

JSON

Related for NVD:CVE-2013-6426

cvelist1 ubuntucve1 seebug1 debiancve1 veracode2 cve1 prion1 redhat1